Snapshots in deduplication

ABSTRACT

A method, system, and program product for creating a virtual LUN from data on a de-duplication device and exposing, via a DPA, the virtual LUN.

RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/248,926 entitled “SNAPSHOTS IN DEDUPLICATION” filed on Sep. 29, 2011.This application is related to U.S. patent application Ser. No.13/248,918 entitled “SNAPSHOTS IN DEDUPLICATION,” filed on Sep. 29,2011. The contents of which are hereby incorporated by reference.

A portion of the disclosure of this patent document may contain commandformats and other computer language listings, all of which are subjectto copyright protection. The copyright owner has no objection to thefacsimile reproduction by anyone of the patent document or the patentdisclosure, as it appears in the Patent and Trademark Office patent fileor records, but otherwise reserves all copyright rights whatsoever.

TECHNICAL FIELD

This invention relates to data replication.

BACKGROUND

Computer data is vital to today's organizations, and a significant partof protection against disasters is focused on data protection. Assolid-state memory has advanced to the point where cost of memory hasbecome a relatively insignificant factor, organizations can afford tooperate with systems that store and process terabytes of data.

Conventional data protection systems include tape backup drives, forstoring organizational production site data on a periodic basis. Suchsystems suffer from several drawbacks. First, they require a systemshutdown during backup, since the data being backed up cannot be usedduring the backup operation. Second, they limit the points in time towhich the production site can recover. For example, if data is backed upon a daily basis, there may be several hours of lost data in the eventof a disaster. Third, the data recovery process itself takes a longtime.

Another conventional data protection system uses data replication, bycreating a copy of the organization's production site data on asecondary backup storage system, and updating the backup with changes.The backup storage system may be situated in the same physical locationas the production storage system, or in a physically remote location.Data replication systems generally operate either at the applicationlevel, at the file system level, or at the data block level.

Current data protection systems try to provide continuous dataprotection, which enable the organization to roll back to any specifiedpoint in time within a recent history. Continuous data protectionsystems aim to satisfy two conflicting objectives, as best as possible;namely, (i) minimize the down time, in which the organization productionsite data is unavailable, during a recovery, and (ii) enable recovery asclose as possible to any specified point in time within a recenthistory.

Continuous data protection typically uses a technology referred to as“journaling,” whereby a log is kept of changes made to the backupstorage. During a recovery, the journal entries serve as successive“undo” information, enabling rollback of the backup storage to previouspoints in time. Journaling was first implemented in database systems,and was later extended to broader data protection.

One challenge to continuous data protection is the ability of a backupsite to keep pace with the data transactions of a production site,without slowing down the production site. The overhead of journalinginherently requires several data transactions at the backup site foreach data transaction at the production site. As such, when datatransactions occur at a high rate at the production site, the backupsite may not be able to finish backing up one data transaction beforethe next production site data transaction occurs. If the production siteis not forced to slow down, then necessarily a backlog of un-logged datatransactions may build up at the backup site. Without being able tosatisfactorily adapt dynamically to changing data transaction rates, acontinuous data protection system chokes and eventually forces theproduction site to shut down.

SUMMARY

A method, system, and program product for creating a virtual LUN fromdata on a de-duplication device and exposing, via a DPA, the virtualLUN.

BRIEF DESCRIPTION OF THE DRAWINGS

Objects, features, and advantages of embodiments disclosed herein may bebetter understood by referring to the following description inconjunction with the accompanying drawings. The drawings are not meantto limit the scope of the claims included herewith. For clarity, notevery element may be labeled in every figure. The drawings are notnecessarily to scale, emphasis instead being placed upon illustratingembodiments, principles, and concepts. Thus, features and advantages ofthe present disclosure will become more apparent from the followingdetailed description of exemplary embodiments thereof taken inconjunction with the accompanying drawings in which:

FIG. 1 is a simplified illustration of a data protection system, inaccordance with an embodiment of the present disclosure;

FIG. 2 is a simplified illustration of a write transaction for ajournal, in accordance with an embodiment of the present disclosure;

FIG. 3 is a simplified illustration of a production site and a datareplication site, in accordance with an embodiment of the presentdisclosure;

FIG. 4 a is a simplified method for taking snapshots for ade-duplication device, in accordance with an embodiment of the presentdisclosure;

FIG. 4 b is an alternative simplified method for taking snapshots for ade-duplication device, in accordance with an embodiment of the presentdisclosure;

FIG. 5 is a further simplified method for taking snapshots for ade-duplication device, in accordance with an embodiment of the presentdisclosure;

FIG. 6 is a simplified method for taking snapshots for a de-duplicationdevice using changes between snapshots, in accordance with an embodimentof the present disclosure;

FIG. 7 is a simplified method for taking snapshots for a de-duplicationdevice using changes between snapshots, in accordance with an embodimentof the present disclosure;

FIG. 8 is an alternative simplified illustration of a production siteand a data replication site, in accordance with an embodiment of thepresent disclosure;

FIG. 9 is a simplified method for accessing a snapshot on ade-duplication device, in accordance with an embodiment of the presentdisclosure;

FIG. 10 is an alternative simplified method for accessing a snapshot ona de-duplication device, in accordance with an embodiment of the presentdisclosure;

FIG. 11 is an alternative simplified illustration of a production siteand a data replication site, in accordance with an embodiment of thepresent disclosure;

FIG. 12 is a simplified method for sending changes, in accordance withan embodiment of the present disclosure;

FIG. 13 is an example of an embodiment of an apparatus that may utilizethe techniques described herein, in accordance with an embodiment of thepresent disclosure; and

FIG. 14 is an example of an embodiment of a method embodied on acomputer readable storage medium that may utilize the techniquesdescribed herein, in accordance with an embodiment of the presentinvention.

DETAILED DESCRIPTION

Usually, it is beneficial to back-up production site data to a disasterrecovery site. Conventionally, disaster recovery sites may usede-duplication to limit the amount of data needed to be stored.Typically, to implement data de-duplication on a system withreplication, the backup software scans all the data on the backed-updevices as the device does not know which blocks have changed.Generally, this requires the back-up software to scan all the data andtransmit all the data to the de-duplication device. This continualscanning and transmission conventionally may take a long time and alarge amount of bandwidth.

In an embodiment of the current disclosure, replication snapshots fromthe production site may be pushed to the de-duplication system atselected times from a replication device to a de-duplication device. Insome embodiments, a file may be created for each volume to be backed up.In certain embodiments, backup may occur from a replica copy on thestorage array or recovery appliance. In certain embodiments, the backupon the replication device may copy the file content to the replica copy.In at least some embodiments, the replication device may takes asnapshot of the files on the backup device and track the changes to thevolumes. In most embodiments, when the next time to push the dataarrives, the replication device may push the location changes. Infurther embodiments, a protocol between the replication device and thebackup device may assure that transfer between the devices is optimized.

The following definitions are employed throughout the specification andclaims.

BACKUP SITE—may be a facility where replicated production site data isstored; the backup site may be located in a remote site or at the samelocation as the production site;

CLONE—a clone may be a copy or clone of the image or images, drive ordrives of a first location at a second location;

DELTA MARKING STREAM—may mean the tracking of the delta between theproduction and replication site, which may contain the meta data ofchanged locations, the delta marking stream may be kept persistently onthe journal at the production site of the replication, based on thedelta marking data the DPA knows which locations are different betweenthe production and the replica and transfers them to the replica to makeboth sites identical.

DPA—may be Data Protection Appliance a computer or a cluster ofcomputers, or a set of processes that serve as a data protectionappliance, responsible for data protection services including inter aliadata replication of a storage system, and journaling of I/O requestsissued by a host computer to the storage system;

RPA—may be replication protection appliance, is another name for DPA.

HOST—may be at least one computer or networks of computers that runs atleast one data processing application that issues I/O requests to one ormore storage systems; a host is an initiator with a SAN;

HOST DEVICE—may be an internal interface in a host, to a logical storageunit;

IMAGE—may be a copy of a logical storage unit at a specific point intime;

INITIATOR—may be a node in a SAN that issues I/O requests;

JOURNAL—may be a record of write transactions issued to a storagesystem; used to maintain a duplicate storage system, and to rollback theduplicate storage system to a previous point in time;

LOGICAL UNIT—may be a logical entity provided by a storage system foraccessing data from the storage system;

LUN—may be a logical unit number for identifying a logical unit;

PHYSICAL STORAGE UNIT—may be a physical entity, such as a disk or anarray of disks, for storing data in storage locations that can beaccessed by address;

PRODUCTION SITE—may be a facility where one or more host computers rundata processing applications that write data to a storage system andread data from the storage system;

SAN—may be a storage area network of nodes that send and receive I/O andother requests, each node in the network being an initiator or a target,or both an initiator and a target;

SOURCE SIDE—may be a transmitter of data within a data replicationworkflow, during normal operation a production site is the source side;and during data recovery a backup site is the source side;

SNAPSHOT—a Snapshot may refer to differential representations of animage, i.e. the snapshot may have pointers to the original volume, andmay point to log volumes for changed locations. Snapshots may becombined into a snapshot array, which may represent different imagesover a time period.

STORAGE SYSTEM—may be a SAN entity that provides multiple logical unitsfor access by multiple SAN initiators

TARGET—may be a node in a SAN that replies to I/O requests;

TARGET SIDE—may be a receiver of data within a data replicationworkflow; during normal operation a back site is the target side, andduring data recovery a production site is the target side;

WAN—may be a wide area network that connects local networks and enablesthem to communicate with one another, such as the Internet.

SPLITTER/PROTECTION AGENT: may be an agent running either on aproduction host a switch or a storage array which can intercept IO andsplit them to a DPA and to the storage array, fail IO redirect IO or doany other manipulation to the IO.

VIRTUAL VOLUME: may be a volume which is exposed to host by avirtualization layer, the virtual volume may be spanned across more thanone site

DISTRIBUTED MIRROR: may be a mirror of a volume across distance, eithermetro or geo, which is accessible at all sites.

BLOCK VIRTUALIZATION: may be a layer, which takes backend storagevolumes and by slicing concatenation and striping create a new set ofvolumes, which serve as base volumes or devices in the virtualizationlayer

MARKING ON SPLITTER: may be a mode in a splitter where intercepted IOsare not split to an appliance and the storage, but changes (meta data)are tracked in a list and/or a bitmap and I/O is immediately sent todown the IO stack.

FAIL ALL MODE: may be a mode of a volume in the splitter where all writeand read IOs intercepted by the splitter are failed to the host, butother SCSI commands like read capacity are served.

GLOBAL FAIL ALL MODE: may be a mode of a volume in the virtual layerwhere all write and read IOs virtual layer are failed to the host, butother SCSI commands like read capacity are served.

LOGGED ACCESS: may be an access method provided by the appliance and thesplitter, in which the appliance rolls the volumes of the consistencygroup to the point in time the user requested and let the host accessthe volumes in a copy on first write base.

VIRTUAL ACCESS: may be an access method provided by the appliance andthe splitter, in which the appliance exposes a virtual volume from aspecific point in time to the host, the data for the virtual volume ispartially stored on the remote copy and partially stored on the journal.

CDP: Continuous Data Protection, may refer to a full replica of a volumeor a set of volumes along with a journal which allows any point in timeaccess, the CDP copy is at the same site, and may be the same storagearray of the production site

CRR: Continuous Remote Replica may refer to a full replica of a volumeor a set of volumes along with a journal which allows any point in timeaccess at a site remote to the production volume and on a separatestorage array.

As used herein, the term storage medium may refer to one or more storagemediums such as a hard drive, a combination of hard drives, flashstorage, combinations of flash storage, combinations of hard drives,flash, and other storage devices, and other types and combinations ofcomputer readable storage mediums including those yet to be conceived. Astorage medium may also refer both physical and logical storage mediumsand may include multiple level of virtual to physical mappings and maybe or include an image or disk image.

A description of journaling and some techniques associated withjournaling may be described in the patent titled METHODS AND APPARATUSFOR OPTIMAL JOURNALING FOR CONTINUOUS DATA REPLICATION and with U.S.Pat. No. 7,516,287, which is hereby incorporated by reference.

A discussion of image access may be found in U.S. patent applicationSer. No. 12/969,903 entitled “DYNAMIC LUN RESIZING IN A REPLICATIONENVIRONMENT” filed on Dec. 16, 2010 assigned to EMC Corp., which ishereby incorporated by reference.

Description of Embodiments Using of a Five State Journaling Process

Reference is now made to FIG. 1, which is a simplified illustration of adata protection system 100, in accordance with an embodiment of thepresent invention. Shown in FIG. 1 are two sites; Site I, which is aproduction site, on the right, and Site II, which is a backup site, onthe left. Under normal operation the production site is the source sideof system 100, and the backup site is the target side of the system. Thebackup site is responsible for replicating production site data.Additionally, the backup site enables rollback of Site I data to anearlier pointing time, which may be used in the event of data corruptionof a disaster, or alternatively in order to view or to access data froman earlier point in time.

During normal operations, the direction of replicate data flow goes fromsource side to target side. It is possible, however, for a user toreverse the direction of replicate data flow, in which case Site Istarts to behave as a target backup site, and Site II starts to behaveas a source production site. Such change of replication direction isreferred to as a “failover”. A failover may be performed in the event ofa disaster at the production site, or for other reasons. In some dataarchitectures, Site I or Site II behaves as a production site for aportion of stored data, and behaves simultaneously as a backup site foranother portion of stored data. In some data architectures, a portion ofstored data is replicated to a backup site, and another portion is not.

The production site and the backup site may be remote from one another,or they may both be situated at a common site, local to one another.Local data protection has the advantage of minimizing data lag betweentarget and source, and remote data protection has the advantage is beingrobust in the event that a disaster occurs at the source side.

The source and target sides communicate via a wide area network (WAN)128, although other types of networks are also adaptable for use withthe present invention.

In accordance with an embodiment of the present invention, each side ofsystem 100 includes three major components coupled via a storage areanetwork (SAN); namely, (i) a storage system, (ii) a host computer, and(iii) a data protection appliance (DPA). Specifically with reference toFIG. 1, the source side SAN includes a source host computer 104, asource storage system 108, and a source DPA 112. Similarly, the targetside SAN includes a target host computer 116, a target storage system120, and a target DPA 124.

Generally, a SAN includes one or more devices, referred to as “nodes”. Anode in a SAN may be an “initiator” or a “target”, or both. An initiatornode is a device that is able to initiate requests to one or more otherdevices; and a target node is a device that is able to reply torequests, such as SCSI commands, sent by an initiator node. A SAN mayalso include network switches, such as fiber channel switches. Thecommunication links between each host computer and its correspondingstorage system may be any appropriate medium suitable for data transfer,such as fiber communication channel links.

In an embodiment of the present invention, the host communicates withits corresponding storage system using small computer system interface(SCSI) commands.

System 100 includes source storage system 108 and target storage system120. Each storage system includes physical storage units for storingdata, such as disks or arrays of disks. Typically, storage systems 108and 120 are target nodes. In order to enable initiators to send requeststo storage system 108, storage system 108 exposes one or more logicalunits (LU) to which commands are issued. Thus, storage systems 108 and120 are SAN entities that provide multiple logical units for access bymultiple SAN initiators.

Logical units are a logical entity provided by a storage system, foraccessing data stored in the storage system. A logical unit isidentified by a unique logical unit number (LUN). In an embodiment ofthe present invention, storage system 108 exposes a logical unit 136,designated as LU A, and storage system 120 exposes a logical unit 156,designated as LU B.

In an embodiment of the present invention, LU B is used for replicatingLU A. As such, LU B is generated as a copy of LU A. In one embodiment,LU B is configured so that its size is identical to the size of LU A.Thus for LU A, storage system 120 serves as a backup for source sidestorage system 108. Alternatively, as mentioned hereinabove, somelogical units of storage system 120 may be used to back up logical unitsof storage system 108, and other logical units of storage system 120 maybe used for other purposes. Moreover, in certain embodiments of thepresent invention, there is symmetric replication whereby some logicalunits of storage system 108 are used for replicating logical units ofstorage system 120, and other logical units of storage system 120 areused for replicating other logical units of storage system 108.

System 100 includes a source side host computer 104 and a target sidehost computer 116. A host computer may be one computer, or a pluralityof computers, or a network of distributed computers, each computer mayinclude inter alia a conventional CPU, volatile and non-volatile memory,a data bus, an I/O interface, a display interface and a networkinterface. Generally a host computer runs at least one data processingapplication, such as a database application and an e-mail server.

Generally, an operating system of a host computer creates a host devicefor each logical unit exposed by a storage system in the host computerSAN. A host device is a logical entity in a host computer, through whicha host computer may access a logical unit. In an embodiment of thepresent invention, host device 104 identifies LU A and generates acorresponding host device 140, designated as Device A, through which itcan access LU A. Similarly, host computer 116 identifies LU B andgenerates a corresponding device 160, designated as Device B.

In an embodiment of the present invention, in the course of continuousoperation, host computer 104 is a SAN initiator that issues I/O requests(write/read operations) through host device 140 to LU A using, forexample, SCSI commands. Such requests are generally transmitted to LU Awith an address that includes a specific device identifier, an offsetwithin the device, and a data size. Offsets are generally aligned to 512byte blocks. The average size of a write operation issued by hostcomputer 104 may be, for example, 10 kilobytes (KB); i.e., 20 blocks.For an I/O rate of 50 megabytes (MB) per second, this corresponds toapproximately 5,000 write transactions per second.

System 100 includes two data protection appliances, a source side DPA112 and a target side DPA 124. A DPA performs various data protectionservices, such as data replication of a storage system, and journalingof I/O requests issued by a host computer to source side storage systemdata. As explained in detail hereinbelow, when acting as a target sideDPA, a DPA may also enable rollback of data to an earlier point in time,and processing of rolled back data at the target site. Each DPA 112 and124 is a computer that includes inter alia one or more conventional CPUsand internal memory.

For additional safety precaution, each DPA is a cluster of suchcomputers. Use of a cluster ensures that if a DPA computer is down, thenthe DPA functionality switches over to another computer. The DPAcomputers within a DPA cluster communicate with one another using atleast one communication link suitable for data transfer via fiberchannel or IP based protocols, or such other transfer protocol. Onecomputer from the DPA cluster serves as the DPA leader. The DPA clusterleader coordinates between the computers in the cluster, and may alsoperform other tasks that require coordination between the computers,such as load balancing.

In the architecture illustrated in FIG. 1, DPA 112 and DPA 124 arestandalone devices integrated within a SAN. Alternatively, each of DPA112 and DPA 124 may be integrated into storage system 108 and storagesystem 120, respectively, or integrated into host computer 104 and hostcomputer 116, respectively. Both DPAs communicate with their respectivehost computers through communication lines such as fiber channels using,for example, SCSI commands.

In accordance with an embodiment of the present invention, DPAs 112 and124 are configured to act as initiators in the SAN; i.e., they can issueI/O requests using, for example, SCSI commands, to access logical unitson their respective storage systems. DPA 112 and DPA 124 are alsoconfigured with the necessary functionality to act as targets; i.e., toreply to I/O requests, such as SCSI commands, issued by other initiatorsin the SAN, including inter alia their respective host computers 104 and116. Being target nodes, DPA 112 and DPA 124 may dynamically expose orremove one or more logical units.

As described hereinabove, Site I and Site II may each behavesimultaneously as a production site and a backup site for differentlogical units. As such, DPA 112 and DPA 124 may each behave as a sourceDPA for some logical units, and as a target DPA for other logical units,at the same time.

In accordance with an embodiment of the present invention, host computer104 and host computer 116 include protection agents 144 and 164,respectively. Protection agents 144 and 164 intercept SCSI commandsissued by their respective host computers, via host devices to logicalunits that are accessible to the host computers. In accordance with anembodiment of the present invention, a data protection agent may act onan intercepted SCSI commands issued to a logical unit, in one of thefollowing ways:

Send the SCSI commands to its intended logical unit.

Redirect the SCSI command to another logical unit.

Split the SCSI command by sending it first to the respective DPA. Afterthe DPA returns an acknowledgement, send the SCSI command to itsintended logical unit.

Fail a SCSI command by returning an error return code.

Delay a SCSI command by not returning an acknowledgement to therespective host computer.

A protection agent may handle different SCSI commands, differently,according to the type of the command. For example, a SCSI commandinquiring about the size of a certain logical unit may be sent directlyto that logical unit, while a SCSI write command may be split and sentfirst to a DPA associated with the agent. A protection agent may alsochange its behavior for handling SCSI commands, for example as a resultof an instruction received from the DPA.

Specifically, the behavior of a protection agent for a certain hostdevice generally corresponds to the behavior of its associated DPA withrespect to the logical unit of the host device. When a DPA behaves as asource site DPA for a certain logical unit, then during normal course ofoperation, the associated protection agent splits I/O requests issued bya host computer to the host device corresponding to that logical unit.Similarly, when a DPA behaves as a target device for a certain logicalunit, then during normal course of operation, the associated protectionagent fails I/O requests issued by host computer to the host devicecorresponding to that logical unit.

Communication between protection agents and their respective DPAs mayuse any protocol suitable for data transfer within a SAN, such as fiberchannel, or SCSI over fiber channel. The communication may be direct, orvia a logical unit exposed by the DPA. In an embodiment of the presentinvention, protection agents communicate with their respective DPAs bysending SCSI commands over fiber channel.

In an embodiment of the present invention, protection agents 144 and 164are drivers located in their respective host computers 104 and 116.Alternatively, a protection agent may also be located in a fiber channelswitch, or in any other device situated in a data path between a hostcomputer and a storage system.

What follows is a detailed description of system behavior under normalproduction mode, and under recovery mode.

In accordance with an embodiment of the present invention, in productionmode DPA 112 acts as a source site DPA for LU A. Thus, protection agent144 is configured to act as a source side protection agent; i.e., as asplitter for host device A. Specifically, protection agent 144replicates SCSI I/O requests. A replicated SCSI I/O request is sent toDPA 112. After receiving an acknowledgement from DPA 124, protectionagent 144 then sends the SCSI I/O request to LU A. Only after receivinga second acknowledgement from storage system 108 may host computer 104initiate another I/O request.

When DPA 112 receives a replicated SCSI write request from dataprotection agent 144, DPA 112 transmits certain I/O informationcharacterizing the write request, packaged as a “write transaction”,over WAN 128 to DPA 124 on the target side, for journaling and forincorporation within target storage system 120.

DPA 112 may send its write transactions to DPA 124 using a variety ofmodes of transmission, including inter alia (i) a synchronous mode, (ii)an asynchronous mode, and (iii) a snapshot mode. In synchronous mode,DPA 112 sends each write transaction to DPA 124, receives back anacknowledgement from DPA 124, and in turns sends an acknowledgement backto protection agent 144. Protection agent 144 waits until receipt ofsuch acknowledgement before sending the SCSI write request to LU A.

In asynchronous mode, DPA 112 sends an acknowledgement to protectionagent 144 upon receipt of each I/O request, before receiving anacknowledgement back from DPA 124.

In snapshot mode, DPA 112 receives several I/O requests and combinesthem into an aggregate “snapshot” of all write activity performed in themultiple I/O requests, and sends the snapshot to DPA 124, for journalingand for incorporation in target storage system 120. In snapshot mode DPA112 also sends an acknowledgement to protection agent 144 upon receiptof each I/O request, before receiving an acknowledgement back from DPA124.

For the sake of clarity, the ensuing discussion assumes that informationis transmitted at write-by-write granularity.

While in production mode, DPA 124 receives replicated data of LU A fromDPA 112, and performs journaling and writing to storage system 120. Whenapplying write operations to storage system 120, DPA 124 acts as aninitiator, and sends SCSI commands to LU B.

During a recovery mode, DPA 124 undoes the write transactions in thejournal, so as to restore storage system 120 to the state it was at, atan earlier time.

As described hereinabove, in accordance with an embodiment of thepresent invention, LU B is used as a backup of LU A. As such, duringnormal production mode, while data written to LU A by host computer 104is replicated from LU A to LU B, host computer 116 should not be sendingI/O requests to LU B. To prevent such I/O requests from being sent,protection agent 164 acts as a target site protection agent for hostDevice B and fails I/O requests sent from host computer 116 to LU Bthrough host Device B.

In accordance with an embodiment of the present invention, targetstorage system 120 exposes a logical unit 176, referred to as a “journalLU”, for maintaining a history of write transactions made to LU B,referred to as a “journal”. Alternatively, journal LU 176 may be stripedover several logical units, or may reside within all of or a portion ofanother logical unit. DPA 124 includes a journal processor 180 formanaging the journal.

Journal processor 180 functions generally to manage the journal entriesof LU B. Specifically, journal processor 180 (i) enters writetransactions received by DPA 124 from DPA 112 into the journal, bywriting them into the journal LU, (ii) applies the journal transactionsto LU B, and (iii) updates the journal entries in the journal LU withundo information and removes already-applied transactions from thejournal. As described below, with reference to FIGS. 2 and 3A-3D,journal entries include four streams, two of which are written whenwrite transaction are entered into the journal, and two of which arewritten when write transaction are applied and removed from the journal.

Reference is now made to FIG. 2, which is a simplified illustration of awrite transaction 200 for a journal, in accordance with an embodiment ofthe present invention. The journal may be used to provide an adaptor foraccess to storage 120 at the state it was in at any specified point intime. Since the journal contains the “undo” information necessary torollback storage system 120, data that was stored in specific memorylocations at the specified point in time may be obtained by undoingwrite transactions that occurred subsequent to such point in time.

Write transaction 200 generally includes the following fields:

-   -   one or more identifiers;    -   a time stamp, which is the date & time at which the transaction        was received by source side DPA 112;    -   a write size, which is the size of the data block;    -   a location in journal LU 176 where the data is entered;    -   a location in LU B where the data is to be written; and    -   the data itself.

Write transaction 200 is transmitted from source side DPA 112 to targetside DPA 124. As shown in FIG. 2, DPA 124 records the write transaction200 in four streams. A first stream, referred to as a DO stream,includes new data for writing in LU B. A second stream, referred to asan DO METADATA stream, includes metadata for the write transaction, suchas an identifier, a date & time, a write size, a beginning address in LUB for writing the new data in, and a pointer to the offset in the dostream where the corresponding data is located. Similarly, a thirdstream, referred to as an UNDO stream, includes old data that wasoverwritten in LU B; and a fourth stream, referred to as an UNDOMETADATA, include an identifier, a date & time, a write size, abeginning address in LU B where data was to be overwritten, and apointer to the offset in the undo stream where the corresponding olddata is located.

In practice each of the four streams holds a plurality of writetransaction data. As write transactions are received dynamically bytarget DPA 124, they are recorded at the end of the DO stream and theend of the DO METADATA stream, prior to committing the transaction.During transaction application, when the various write transactions areapplied to LU B, prior to writing the new DO data into addresses withinthe storage system, the older data currently located in such addressesis recorded into the UNDO stream.

By recording old data, a journal entry can be used to “undo” a writetransaction. To undo a transaction, old data is read from the UNDOstream in a reverse order, from the most recent data to the oldest data,for writing into addresses within LU B. Prior to writing the UNDO datainto these addresses, the newer data residing in such addresses isrecorded in the DO stream.

The journal LU is partitioned into segments with a pre-defined size,such as 1 MB segments, with each segment identified by a counter. Thecollection of such segments forms a segment pool for the four journalingstreams described hereinabove. Each such stream is structured as anordered list of segments, into which the stream data is written, andincludes two pointers—a beginning pointer that points to the firstsegment in the list and an end pointer that points to the last segmentin the list.

According to a write direction for each stream, write transaction datais appended to the stream either at the end, for a forward direction, orat the beginning, for a backward direction. As each write transaction isreceived by DPA 124, its size is checked to determine if it can fitwithin available segments. If not, then one or more segments are chosenfrom the segment pool and appended to the stream's ordered list ofsegments.

Thereafter the DO data is written into the DO stream, and the pointer tothe appropriate first or last segment is updated. Freeing of segments inthe ordered list is performed by simply changing the beginning or theend pointer. Freed segments are returned to the segment pool for re-use.

A journal may be made of any number of streams including less than ormore than 5 streams. Often, based on the speed of the journaling andwhether the back-up is synchronous or a synchronous a fewer or greaternumber of streams may be used.

Delta Marking

A delta marker stream may contain the locations that may be differentbetween the latest I/O data which arrived to the remote side (thecurrent remote site) and the latest I/O data which arrived at the localside. In particular, the delta marking stream may include metadata ofthe differences between the source side and the target side. Forexample, every I/O reaching the data protection appliance for the source112 may be written to the delta marking stream and data is freed fromthe delta marking stream when the data safely arrives at both the sourcevolume of replication 108 and the remote journal 180 (e.g., DO stream).Specifically, during an initialization process no data may be freed fromthe delta marking stream; and only when the initialization process iscompleted and I/O data has arrived to both local storage and the remotejournal data, may be I/O data from the delta marking stream freed. Whenthe source and target are not synchronized, data may not be freed fromthe delta marking stream. The initialization process may start bymerging delta marking streams of the target and the source so that thedelta marking stream includes a list of all different locations betweenlocal and remote sites. For example, a delta marking stream at thetarget might have data too if a user has accessed an image at the targetsite.

The initialization process may create one virtual disk out of all theavailable user volumes. The virtual space may be divided into a selectednumber of portions depending upon the amount of data needed to besynchronized. A list of ‘dirty’ blocks may be read from the delta markerstream that is relevant to the area currently being synchronized toenable creation of a dirty location data structure. The system may beginsynchronizing units of data, where a unit of data is a constant amountof dirty data, e.g., a data that needs to be synchronized.

The dirty location data structure may provide a list of dirty locationuntil the amount of dirty location is equal to the unit size or untilthere is no data left. The system may begin a so-called ping pongprocess to synchronize the data. The process may transfer thedifferences between the production and replication site to the replica.

Deduplication and Data Replication

In some embodiments data replication may function in a datade-duplication environment. In certain embodiments, the data replicationdevice may enable the data deduplication to function more efficiently.In an embodiment, a snapshot of the data being deduplicated may be sentto the deduplication device. In some embodiments, changes to the imageor snapshot may be tracked and sent to the deduplication device. Infurther embodiments, data sent to the deduplication device may beaccessed. In still further embodiments, there may be differentconfigurations of replication and deduplication devices that enable thedata to be sent to the deduplication device.

Creating a Snapshot of the De-Duplicated Data

In an embodiment of the current disclosure, a data duplication device orsoftware may back up the system at the LUN level. In certainembodiments, a replication device in the system to be backed-up may havea consistency group. In most embodiments, each consistency group mayhave a number of volumes. In some embodiments, the replication devicemay create, for each volume, a file on the de-duplication device withthe same size as the volume. In certain embodiments, a replicationdevice may take a snapshot and send it to the deduplication device. Inother embodiments, a snapshot may be created on a storage array and sentto the deduplication device. In most embodiments, all the data in thefirst snapshot may be sent to the deduplication device. In mostembodiments, the snapshot may be an application consistent snapshot. Forexample, in some embodiments, a database may be quiesced or anapplication may be placed in a consistent space.

In certain embodiments, an image in a continuous replication environmentmay be pushed, which may pause the 5 phase distribution and may push thechanges from the volume or the journal to the deduplication device.

Moving Changes from Image to De-Duplication Device

In at least some embodiments, snapshots may be periodically taken of thedata being deduplicated. In some embodiments, the snapshot may be takenby the storage array. In certain embodiments, the storage may determinethe differences between the snapshots and send the difference to thededuplication device. In other embodiments, the storage may take thesnapshot and the replication device, which has been tracking the changesbetween the snapshots, may send the differences between the snapshots tothe deduplication device. In further embodiments, the replication devicemay take the snapshot and push the changes to the deduplication device.In yet further embodiments, such as described above, the replicationdevice may push the snapshot to the deduplication device whileprocessing other replication.

Refer now to the example embodiment of FIG. 3. In the example embodimentof FIG. 3 there is a production site 305 and a data recovery site 345.Production site has clients 310 which interact with server 315. Server315 may store data on primary storage 320. The data stored on primarystorage 320 may have may be replicated by recovery appliance 325.Recovery appliance 325 may communicate the data to back-upde-duplication device 330. De-duplication device 330 may transmit thedata to de-duplication device 340 at disaster recover site 345 via WAN335. De-duplication devices 330 and 345 may de-duplicate the data, thatis, only store redundant portions of the data once. In an embodiment,recovery appliance 325 may have a consistency group, and the consistencygroup may consist of a group of volumes. In some embodiments, it may bedesirable to send this information to the de-duplication device. Incertain embodiments, it may be desirable for this data to be in anapplication consistent state. In some embodiments, an applicationconsistent state may be created by pausing or quiescing theapplications. In most embodiments, the deduplication device may archivethe snapshots sent to the data deduplication device.

Refer now to the example embodiments of FIG. 3 and FIG. 4 a. Replicationdevice 325 may create files for each volume in the consistency group onde-duplication device 330 (step 402), each file has the size of thereplicated LUN. Replication device 325 may create an applicationconsistent snapshot of the data on storage 320 (step 403). Replicationdevice may send the data on storage 320 to de-duplication device 330(step 404). De-duplication device 330 may now have a copy of the datastored on storage device 320 and make take a snapshot of the data (step406) at the de-duplication device, note in some embodiments both storagearray and de-duplication device may provide snapshots. Storage 320 mayperiodically quiesce any application and take an application consistentsnapshot of the data on storage 320 (step 408). In some embodiments, thestorage array 320 provides an API to get the list of differences betweentwo snapshots. The replication device 325 reads the list of differencesand then it read the locations which changed in the snapshot (step 410).Replication device 325 may send the changes to De-duplication device 330(step 412). In certain embodiments, steps 406-412 may be repeated.

Refer now to the example embodiments of FIG. 3 and FIGS. 4 b. Theexample embodiments of FIGS. 3 and 4 b, illustrate pushing data from astorage which may not have an API to read the differences betweensnapshots. A file is created for each volume (step 422). A splitter instorage 320 is configured to split writes to DPA 325 or to send writemeta data for each write to DPA 325 (step 424). DPA 325 tracks thelocations of the IOs that arrive (step 425). A first snapshot is createdat storage 320 (step 426). The data of the snapshot is read (step 428).The snapshot data is written to the file on de-duplication device 330(step 430). A snapshot is created at the de-duplication device 330 (step431). Snapshot is erased from storage array 320 (step 432). A newsnapshot is created on storage array 320 (step 434). Based on the changelist written by DPA 325, the locations that changed are sent tode-duplication device 330 (step 436). In some embodiments steps 431-436are repeated. In other embodiments, the replication can be localreplication such as in FIG. 3 or remote replication as exemplified inFIG. 8.

Refer now to the example embodiments of FIGS. 5 and 8. In theseembodiments, a consistent snapshot may be sent to the de-duplicationdevice 830. A file is created on de-duplication device 830 for eachvolume being replicated (step 502). Continuous replication is enabled(step 522). An application consistent bookmark is created by quiescingany applications and creating a logical bookmark in the continuousreplication stream (step 524). Distribution from journal 847 pauses whendata of the application consistent bookmark is written to the replicavolumes (step 526). Data is read from the replica volumes (step 530).Data for locations which have changed is pushed to the files inde-duplication device 830, if this is the first time data is pushed alllocations are marked as changed (535). A snapshot is created atde-duplication device 830 (step 540). In certain embodiments, steps524-540 may be repeated.

Refer now to the example embodiments of FIGS. 6 and 8. In theseembodiments, the first snapshot may be sent to the de-duplication devicewithout the snapshot being consistent. Continuous replication is enabled(step 642). Tracking starts at DPA 842 (643). All the data of thevolumes being replicated on storage 820 is pushed to de-duplicationdevice 830 (step 644) i.e. data from LUN 849 is pushed to de-duplicationdevice 830. A logical bookmark is created by the continuous replicationdevice 822 (step 646). When bookmark data is applied to the replicavolume, replication is paused, locations marked as changed as trackingstarted are pushed from the volumes to the files on de-duplicationdevice 830 (648). A snapshot is created on de-duplication device 830(650).

In certain embodiments, after creation of a snapshot, a method similarto the example embodiment of FIG. 7 may occur. Refer now to the exampleembodiments of FIGS. 7 and 8. In these embodiments, the changes to thesnapshots may be pushed to the de-duplication device 830. An applicationconsistent bookmark is created (step 742). Distribution is paused (step744). The changes to the snapshot are pushed to de-duplication device830 (step 746). When all changes are sent to the consistent point intime, a snapshot is created using the data in de-duplication device 830(step 750).

In some embodiments, there may be different ways to get the list ofchanges from a paused snapshot. In particular embodiments, a journal ofthe replication may be configured to include all the data from the lasttime the snapshot was pushed. In these embodiments, the change list maybe read from the meta data undo stream and the data until the lastbookmark may be pushed to the de-duplication device may be a read and amap of the dirty locations created. In other embodiments, a changetracker may be created to track locations which changed at the replicavolumes.

Accessing the Data

In certain embodiments, it may be desirable to recover data from thede-duplication device. In some embodiments, it may be desirable torecover a file at a given point in time. In other embodiments, it may bedesirable to recover the full LUN or snap image from a given point oftime.

Refer now to the example embodiments of FIGS. 3 and 9. In these exampleembodiments a LUN is exposed. A point in time pushed to de-duplicationdevice 330 is selected (step 905). Replication device 325 creates avirtual LUN (step 910). Storage array 320 exposed a new LUN to the userservers 315 (step 915). IOs arriving to the storage LUN are interceptedby a splitter in storage 320 and sent to DPA's 325 virtual LUN (step920). A determination is made if the IO is a write IO (step 925). If theIO is a write IO, the IO is written to a journal in storage 320 (step940). If the IO are reads DPA 325 checks if the read locations werewritten to the image access journal (step 930). If the data was written,then the IO is read from the journal (step 945). If the IO was notoverwritten in the journal, the IO is read from de-duplication device330 (step 935).

In other embodiments, if it is desired to recover a single file orobject, a virtual machine may be configured to consume the LUN exposed,the virtual machine may mount the LUN as a file system and may also runspecific application from the device, like Microsoft exchange, and thereplication system may read the file from the file system, or mayrestore an object like a mail box from the application (e.g. Microsoftexchange). In other embodiments, if a file system may not be mounted toa virtual machine, a physical server enabled to access the file systemmay be configured to mount the file system or/and run the applicationfrom the LUs exposed, and the replication machine may recover the filefrom the mounted file system to a desired location, or may recover anobject like a DB table of a mail box.

In some embodiments, to enable recovery of a single file, the dataprotection system may mount the files in the de-duplication device asdescribed in FIG. 9 and a management layer located in the dataprotection appliance may create a back-up catalog for all files that arebeing protected, a single file, a single DB table, or a single mailboxfrom the catalog may be recovered. In some embodiments, the dataprotection appliance code may run as a set of processes in the storagearray or may run as a virtual machine. In certain embodiments, a fullLUN may be recovered during a failover and the system may copy the datafrom the de-duplication device to a production LUN while the productionLUN is being used.

Refer now to the example embodiment of FIGS. 10 and 11. In theembodiment of FIG. 10, a LUN is exposed (step 1042). In someembodiments, such as FIG. 10, read and write IOs may be handled in asimilar way to FIG. 9. In the embodiment of FIG. 10, a backgroundprocess reads the data from the file exposed by the de-duplicationdevice to the LUN (step 1044).

Once all data is read from de-duplication device 1130, new data may beread either from the LUN or the journal (step 1046). The log containingall the new IOs (the image access do journal) may be applied to thevolume after data was copied from the file (step 1050). Once the journalis rolled user may access the LUN directly, without going through dataprotection appliance 1130 (step 1055).

In other embodiments, data may be transferred from the DPA to thede-duplication device in different ways. In a first embodiment, data maybe written to the files over the NFS protocol exposed by ade-duplication device. In an alternative embodiment, a protocol may beused over IP between the de-duplication device and the replicationdevice. In this embodiment, a list of the meta data of the changes andthe changes themselves may be sent. In certain embodiments, this mayenable the de-duplication device to optimize the writes. In someembodiments, the protocol may also be checked if the locations suspectedas changed are changed.

Refer now to the example embodiment of FIG. 12. The changed locations inthe snapshot are read (step 1242). Signatures are sent to de-duplicationdevice (step 1244). If data changed, the changes are sent to thede-duplication device (step 1246). A snapshot is taken at thede-duplication device (step 1250). In some embodiments, the DPA may be avirtual machine. In other embodiments, the DPA may be a set of processesin the storage array. In further embodiments, the DPA may be in thede-duplication device.

The methods and apparatus of this invention may take the form, at leastpartially, of program code (i.e., instructions) embodied in tangiblenon-transitory media, such as floppy diskettes, CD-ROMs, hard drives,random access or read only-memory, or any other machine-readable storagemedium. When the program code is loaded into and executed by a machine,such as the computer of FIG. 13, the machine becomes an apparatus forpracticing the invention. When implemented on one or moregeneral-purpose processors, the program code combines with such aprocessor to provide a unique apparatus that operates analogously tospecific logic circuits. As such a general purpose digital machine canbe transformed into a special purpose digital machine. FIG. 14 showsProgram Logic 1410 embodied on a computer-readable medium 1430 as shown,and wherein the Logic is encoded in computer-executable code configuredfor carrying out the reservation service process of this invention andthereby forming a Computer Program Product 1400. Logic 1340 of FIG. 13may be loaded into memory 1304 and executed by processor 1430. Logic1340 may also be the same logic 1410 on computer readable medium 1430.

The logic for carrying out the method may be embodied as part of theaforementioned system, which is useful for carrying out a methoddescribed with reference to embodiments shown in, for example, FIG. 3and FIG. 4. For purposes of illustrating the present invention, theinvention is described as embodied in a specific configuration and usingspecial logical arrangements, but one skilled in the art may appreciatethat the device is not limited to the specific configuration but ratheronly by the claims included with this specification.

Although the foregoing invention has been described in some detail forpurposes of clarity of understanding, it may be apparent that certainchanges and modifications may be practiced within the scope of theappended claims. Accordingly, the present implementations are to beconsidered as illustrative and not restrictive, and the invention is notto be limited to the details given herein, but may be modified withinthe scope and equivalents of the appended claims.

In reading the above description, persons skilled in the art willrealize that there are many apparent variations that can be applied tothe methods and systems described. Thus it will be appreciated that, inaddition to data replication systems, the optimal journaling policy ofthe present invention has widespread application to journaling systemsincluding database systems and version control systems.

In the foregoing specification, the invention has been described withreference to specific exemplary embodiments thereof. It may, however, beevident that various modifications and changes may be made to thespecific exemplary embodiments without departing from the broader spiritand scope of the invention as set forth in the appended claims.Accordingly, the specification and drawings are to be regarded in anillustrative rather than a restrictive sense.

What is claimed is:
 1. A system for accessing data on a data de-duplication device, the system comprising: a data protection appliance (DPA) including a journal; a de-duplication device containing one or more points in time; and computer-executable logic operating in memory, wherein the computer-executable program logic is configured for execution of: creating a virtual LUN based on data on the de-duplication device and the journal of the DPA corresponding to one of the one or more points in time; exposing, via the DPA, the virtual LUN; wherein read write access to the virtual LUN is enabled; wherein write IOs to the virtual LUN are stored in the journal of the DPA.
 2. The system of claim 1 wherein the computer executable logic further configured for execution of: determining if a read IO to the virtual LUN corresponds to a portion written in the journal; and based on a positive determination, reading the read IO from the journal.
 3. The system of claim 2 wherein the computer executable logic further configured for execution of: based on a negative determination of the read IO to the virtual LUN corresponding to a portion written in the journal, reading the IO from the de-duplication device.
 4. The system of claim 1 wherein the computer executable logic further configured for execution of: reading data from the de-duplication device; applying data to the LUN; reading data from the journal; applying the data to the LUN; and letting the host transparently access the LUN directly and not transfer and data to the DPA device.
 5. The system of claim 1 wherein the computer executable logic further configured for execution of: exposing, by a storage array, the virtual LUN to a server; wherein the storage array has a splitter; intercepting IOs from the server to the storage array by the splitter; and sending the intercepted IO to the DPA.
 6. A computer implemented method for data replication, the method comprising: creating a virtual LUN from data on a de-duplication device containing one or more points in time; wherein the virtual LUN corresponds to one of the one or more points in time and a journal of a DPA; exposing, via the DPA, the virtual LUN; wherein read write access to the virtual LUN is enabled; wherein write IOs to the virtual LUN are stored in the journal of the DPA.
 7. The computer implemented method of claim 6 wherein the method is further configured for execution of: determining if a read IO corresponds to a portion written in the journal; and based on a positive determination, reading the read IO from the journal.
 8. The computer implemented method of claim 6 wherein based on a negative determination of the read corresponding to a portion written in the journal, reading the IO from the de-duplication device.
 9. The computer implemented method of claim 6 wherein the executable program code is further configured for execution of: reading data from the de-duplication device; applying data to the LUN; reading data from the journal; applying the data to the LUN; and accessing letting the host transparently access the LUN directly and not transfer and data to the DPA device.
 10. The computer implemented method of claim 6 wherein the method is further configured for execution of: exposing, by a storage array, the virtual LUN to a server; wherein the storage array has a splitter; intercepting IOs from the server to the storage array by the splitter; and sending the intercepted IO to the DPA.
 11. A computer program product for use in replication comprising: a non-transitory computer readable medium encoded with computer executable program code for replication of data, the code configured to enable the execution of: creating a virtual LUN from data on a de-duplication device containing one or more points in time; wherein the virtual LUN corresponds to one of the one or more points in time and a journal of a DPA exposing, via a DPA, the virtual LUN; wherein read write access to the virtual LUN is enabled; wherein write IOs to the virtual LUN are stored in the journal of the DPA.
 12. The computer product of claim 11 wherein the method is further configured for execution of: determining if a read IO corresponds to a portion written in the journal; and based on a positive determination, reading the read IO from the journal.
 13. The computer product of claim 11 wherein the method is further configured for execution of: based on a negative determination of the read corresponding to a portion written in the journal, reading the IO from the de-duplication device.
 14. The computer product of claim 11 wherein the method is further configured for execution of: reading data from the de-duplication device; applying data to the LUN; reading data from the journal; applying the data to the LUN; and accessing letting the host transparently access the LUN directly and not transfer and data to the DPA device.
 15. The computer product of claim 11 wherein the de-duplication device has LUN data stored as one or more files.
 16. The computer product of claim 11 wherein a storage array exposes a LUN to an application; a splitter on the storage array redirects IOs to the LUN to the DPA; and the application answers the data via the LUN.
 17. The computer product of claim 11 wherein the DPA is selected from the group consisting of a virtual machine, a set of processes in the one or more storage mediums, and a part of the de-duplication device.
 18. The computer product of claim 11 wherein a Virtual Machine automatically mounts the DPA to a point in time in a response to a request to restore a file, consumes a LUN exposed by the storage enabling file systems to be automatically mounted and single file recovered.
 19. The computer product of claim 11 wherein the method is further configured for execution of: exposing, by a storage array, the virtual LUN to a server; wherein the storage array has a splitter; intercepting IOs from the server to the storage array by the splitter; and sending the intercepted IO to the DPA. 